This proposal is a result of the discussion on GitHub PR #12369:
https://github.com/openssl/openssl/pull/12369
Matt Caswell has agreed to raise the vote with the OMC.
Please provide any feedback you have on the wording, so it can be
Integrated into the original at:
https://gist.github.com/ee30b5c8f52e030629dc2de95f81d8b1
--
OMC VOTE: macOS ARM64 Support in OpenSSL 1.1.1 LTS
Background to the vote:
Apple has recently released new Mac computers that are powered by their own
ARMv8 compatible SoC called the Apple Silicon M1 or short M1.
This chip is an evolution of their previous ARM chips in the A series, most
similar to the A14 used in the latest generations of iPhones and iPads, but
with a chip configuration like the iPad Pro.
Since this is a CPU architecture that was previously used by iOS devices, it
is already well supported by OpenSSL including various assembly optimizations.
In order to support it on macOS on the current stable version OpenSSL 1.1.1,
a new build target needs to be added to the build configuration script, which
has been proposed and discussed in PR #12369 [1].
This is a problem, because the OpenSSL LTS rules state that only bug fixes and
security fixes are accepted into the stable codebase.
It is also unique cause it requires no code changes to support a new platform.
Since OpenSSL 3.0 is still in alpha and because the code is very low impact,
with only eight lines of configuration, I would like to ask the OMC to make
and exception to the rule in this case.
It is important that this patch is accepted upstream, because there is a good
amount of uncertainty for maintainers in downstream projects like Homebrew,
the most popular package manager for macOS, about keeping out of tree patches
for security sensitive software like OpenSSL.
Accepting the patch gives these maintainers the certainty, that it is safe to
use and removes the need vor various downstream projects to maintain the patch.
This is also important since I've seen multiple variations of the patch in the
wild that didn't actually work as intended, due to being incorrectly ported
from the master branch - leading to working, but fully unoptimized builds.
I would also ask to make this decision independent of the ongoing proposal
for LTS+ releases by Matt Caswell, that would allow for adding new platforms
with greater changes to the codebase. I think it has a much bigger scope and
is likely going to take some time to get right.
This should be seen as one time exception and is not intended as a precedent
for future cases, which should be covered by the LTS+ proposal.
[1] https://github.com/openssl/openssl/pull/12369
The vote text is as follows:
topic: Regarding inclusion of macOS ARM64 Support in OpenSSL 1.1.1 LTS:
The OMC accepts the required configuration change, making an exception to the
LTS rule that prevents adding new platforms.
Proposed by Felix Buenemann
--
Regards, Felix Buenemann
